What CISPA Could Mean for Start-ups (and You)

Christina DesMarais is an Inc.com contributor who writes about the tech startup community, covering innovative ideas, news, and trends. On Google+, add her to one of your circles. Have a tip? Email her at christinadesmarais (at) live (dot) com.

If you recall, SOPA and PIPA were squashed just a few months ago thanks to privacy groups, technology companies, and Internet users who made a fuss over worries that the proposed legislation would usher forth a new era of Internet censorship. Now an equally maligned bill, the Cyber Intelligence Sharing and Protection Act (CISPA), has passed in the House of Representatives and will be taken up by the Senate in May.

What Is CISPA?

If eventually made into law, CISPA would amend the National Security Act of 1947 and provide a way for the business sector and the government to share information so as to combat, investigate, and prosecute cyber attacks; protect people from threats of death or injury; and protect minors from harm and protect national security.

All commendable pursuits, right?

The problem, however, is the bill's wording would allow companies to step around long-held laws that protect the privacy of Internet users. Currently if the government suspects someone of a crime it needs to go to a judge and get a subpoena before companies like Facebook or cellular carriers will give up user data.

Under CISPA such companies could just hand over such data, effectively opening a backdoor through which the government can profile Internet users.

CISPA and Tech Start-ups

Thanks to social networking, mobile apps, and GPS, technology firms have access to vast amounts of user data. And for the most part, consumers are starting to understand that and slowly let their guard down—in spite of the occasional complaints about privacy and the like.

We check in. We link our listening and reading activities to Facebook so all of our friends know what we're doing when. We tweet about the mundane, the momentous, and everything in between.

But at some level we know the companies tracking all these posts only care about money. They want our data so they can better market to us.

The government is an entirely different animal.

If something like CISPA were to become reality, would consumers' behaviors change? Would they actually scale back their sharing? Would the word "trust" in regard to the relationship between developers and users take on new meaning if people believed the government was tracking and aggregating everyone's data?

"Over time, our distrust in sharing information freely can start to erode the social Web of our society. People start to clutch ideas more closely, like poker players engaged in a zero-sum game. I know several perfectly reasonable people who have already stopped using social media tools out of this fear," he says.

Even so, some of the biggest companies in the tech industry—Facebook, IBM, Verizon, AT&T, among others—have written letters supporting CISPA. Their reasoning? They may not agree with every aspect of the bill, but it could prevent them from being sued by users.

Will CISPA Prevail?

Understandably, the prospect of the government being able to spy on citizens has civil liberties groups up in arms.

Advisors to the Obama administration have said that if the bill gets to the president's desk they will recommend that he veto it. And many feel once the Senate reconvenes on May 7 CISPA doesn't have a chance there.

Another bill—one that attacks the problem of cyber threats differently, by putting security mandates on public utilities—has more support in the Senate, is co-sponsored by Senators Joseph Lieberman (I) of Connecticut and Susan Collins (R) of Maine and backed by the Obama administration.

"My question is, let's say that they are able to move the Lieberman Collins bill forward and get it passed in the Senate. Then we have this concerning situation where on the House side we have CISPA and on the Senate side we've got Lieberman Collins and the question is where is the negotiation going to take place?" asks Rainey Reitman, activism director for the Electronic Frontier Foundation.

"I'm deeply worried that what we'll end up with is some zombie legislation that includes critical infrastructure from the Lieberman-Collins bill but takes the worst parts of CISPA, the information sharing components and grafts them onto the Lieberman Collins bill," Reitman says. "That would be the situation we're deeply troubled by and trying to avoid."